Manual Chapter : Adding a Variable Assign agent to collect the username in an OAuth MFA subroutine

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 16.0.1, 16.0.0
Manual Chapter

Adding a Variable Assign agent to collect the username in an OAuth MFA subroutine

You should have a per-request policy, and SAML authentication servers for authentication with and without MFA.
Create the subroutines to allow continuous checks and reauthenticate with RADIUS and MFA when the user goes to a specific URL.
  1. From the Main tab, click
    Access
    Profiles / Policies
    Per-Request Policies
    .
  2. Find the policy you want to edit, and in the Per-Request Policy column, click
    Edit
    .
  3. In the per-request policy, click
    Add New Subroutine
    .
  4. Name the subroutine for use with OAuth and MFA. For example,
    radius_mfa_okta
    .
  5. Click
    Save
    .
  6. Expand the subroutine, and click the plus to add a new item.
  7. Click the
    Assignment
    tab, select
    Variable Assign
    , and click
    Add Item
    .
  8. Click
    Add new entry
    .
  9. On the left, select
    Custom Variable
    and type
    subsession.logon.last.username
    .
  10. On the right, select
    Session Variable
    and type
    last.subsession.logon.last.logonname
    .
  11. Click
    Finished
    .
Configure the remaining items for the subroutine.